{"report_id":"449e1681-2590-42a8-9000-17174b9ec288","version":6,"status":"done","tags":[],"date":"2025-05-14T21:34:30Z","url":{"schema":"http","addr":"guerradone.s3.dualstack.sa-east-1.amazonaws.com/tools/RemoteToolG04.exe","fqdn":"guerradone.s3.dualstack.sa-east-1.amazonaws.com","domain":"guerradone.s3.dualstack.sa-east-1.amazonaws.com","tld":"s3.dualstack.sa-east-1.amazonaws.com"},"ip":{"addr":"52.95.164.22","port":0,"asn":16509,"as":"AMAZON-02","country":"Brazil","country_code":"BR"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-23T21:34:30Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"guerradone.s3.dualstack.sa-east-1.amazonaws.com","ip":{"addr":"3.5.233.24","port":443,"asn":16509,"as":"AMAZON-02","country":"Brazil","country_code":"BR"},"domain_registered":"2005-08-18","domain_rank":0,"first_seen":"2025-04-21T18:45:57.351147Z","last_seen":"2025-05-01T21:57:09.722704Z","alert_count":1,"request_count":1,"received_data":2303554,"sent_data":539,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"d9241a36d43313bfa4995db4e1e27227","sha1":"6560047fce6022fbb46ceb5da54b6a4b72e930a4","sha256":"afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769","sha512":"902d67641d661885c323f76f240b00cde35ffd04b1bd253e482c9e5b127deaa2d0f871b03c5c795472054f9abe50a63633c30fbdcc5d197ee7b33de43e87645d","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":2302976,"url":{"schema":"https","addr":"guerradone.s3.dualstack.sa-east-1.amazonaws.com/tools/RemoteToolG04.exe","fqdn":"guerradone.s3.dualstack.sa-east-1.amazonaws.com","domain":"guerradone.s3.dualstack.sa-east-1.amazonaws.com","tld":"s3.dualstack.sa-east-1.amazonaws.com"},"ip":{"addr":"3.5.233.24","port":443,"asn":16509,"as":"AMAZON-02","country":"Brazil","country_code":"BR"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-14","alert":"Scan result 8/69","trigger":"afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769","verdict":"suspicious","severity":"","comment":"suspicious - 8/69","link":"https://www.virustotal.com/gui/file/afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"d9241a36d43313bfa4995db4e1e27227","sha1":"6560047fce6022fbb46ceb5da54b6a4b72e930a4","sha256":"afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769","sha512":"902d67641d661885c323f76f240b00cde35ffd04b1bd253e482c9e5b127deaa2d0f871b03c5c795472054f9abe50a63633c30fbdcc5d197ee7b33de43e87645d","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":2302976,"url":{"schema":"https","addr":"guerradone.s3.dualstack.sa-east-1.amazonaws.com/tools/RemoteToolG04.exe","fqdn":"guerradone.s3.dualstack.sa-east-1.amazonaws.com","domain":"guerradone.s3.dualstack.sa-east-1.amazonaws.com","tld":"s3.dualstack.sa-east-1.amazonaws.com"},"ip":{"addr":"3.5.233.24","port":443,"asn":16509,"as":"AMAZON-02","country":"Brazil","country_code":"BR"},"archive":null,"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-14","alert":"Scan result 8/69","trigger":"afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769","verdict":"suspicious","severity":"","comment":"suspicious - 8/69","link":"https://www.virustotal.com/gui/file/afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"guerradone.s3.dualstack.sa-east-1.amazonaws.com/tools/RemoteToolG04.exe","fqdn":"guerradone.s3.dualstack.sa-east-1.amazonaws.com","domain":"guerradone.s3.dualstack.sa-east-1.amazonaws.com","tld":"s3.dualstack.sa-east-1.amazonaws.com"},"ip":{"addr":"3.5.233.24","port":443,"asn":16509,"as":"AMAZON-02","country":"Brazil","country_code":"BR"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-14T21:33:58.186Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.s3-sa-east-1.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 13 Mar 2025 00:00:00 GMT","end":"Tue, 10 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"9B:51:C1:A2:51:CC:D3:33:BC:65:F1:A3:F7:30:C2:43:39:B8:92:31","sha256":"BF:9C:46:29:EE:72:FA:47:C6:8A:57:ED:2E:0D:7F:F2:79:DC:68:08:6E:9A:20:4E:FD:0D:31:60:A5:71:A7:F3"}}},"request":{"raw":"GET /tools/RemoteToolG04.exe HTTP/1.1\r\nHost: guerradone.s3.dualstack.sa-east-1.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: ZeunTC6LvHgJG5yAqN+eIb+dqJgLS1wVMl8cDhu/Liana5rs+WocPWGJMNsJcvOsesfF/aLPAuL1+U1X1aC3uKMccvndA4kQhRq6dzIx4H4=\r\nx-amz-request-id: D88WD2XV45ZJWHT6\r\nDate: Wed, 14 May 2025 21:33:59 GMT\r\nLast-Modified: Tue, 29 Apr 2025 17:23:28 GMT\r\nETag: \"d9241a36d43313bfa4995db4e1e27227\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-sha256: afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769\r\nx-amz-meta-s3b-last-modified: 20250429T172321Z\r\nAccept-Ranges: bytes\r\nContent-Type: application/x-msdownload\r\nContent-Length: 2302976\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2302976,"size_decoded":0,"mime_type":"application/x-msdownload","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","md5":"d9241a36d43313bfa4995db4e1e27227","sha1":"6560047fce6022fbb46ceb5da54b6a4b72e930a4","sha256":"afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769","sha512":"902d67641d661885c323f76f240b00cde35ffd04b1bd253e482c9e5b127deaa2d0f871b03c5c795472054f9abe50a63633c30fbdcc5d197ee7b33de43e87645d","ssdeep":"49152:Ftkd1n9B7UZ0atnwtVYn9B7UZ0atnwtVzcNA2wwaw9:FQnjUaYnjUaEmwa","tlshash":"dab5d04207d8d96ed98fc3f4a12d0bd51ae5c1c5d58bbf8aac467db02882372acc9d17","first_seen":"2025-05-14T21:34:32.066995Z","last_seen":"2025-05-14T21:34:32.066995Z","times_seen":1,"resource_available":false,"data":null}},"time_used":2518,"timings":{"blocked":459,"dns":1,"connect":217,"send":0,"wait":243,"receive":1357,"ssl":237},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-14","alert":"Scan result 8/69","trigger":"afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769","verdict":"suspicious","severity":"","comment":"suspicious - 8/69","link":"https://www.virustotal.com/gui/file/afc216ddebdf3939ca8936c502ef6b0b018f655d2d8fa0309094e8b4ad737769","meta":null}],"urlquery":null}}]}